Cloudflare Collaborates With Leading Browsers to Develop a Privacy-First Protocol For the Global Internet
16 points by freddyb
16 points by freddyb
I guess the loud noise I was hearing today was the red flag factory working at full capacity.
They’re creating a “trust cartel” by forcing users to maintain actively tracked corporate accounts just to navigate the web. This basically defines a “legitimate human” as an economically active consumer within approved corporate monopolies
I’m exhausted by this relentless steam of attacks.
That's just it; the whole fight for user privacy is a War of Attrition, and the victor will always be the side that has the resources to wear the other down. We are being beaten into a state of tired compliance, but most users seem wholly unaware of this, so any sort of organized resistance feels like herding cats and has felt that way in the two decades I've dumped energy into this fight by trying to keep up and help those in my immediate circle, who, by the way, found every privacy-protecting solution and change in their workflow to be an exercise in inconvenience.
Hate to say it, but I've nearly given up. I won't say I've joined the other side, but despite my best efforts, my info is out there, my ads are targeted, and my brain is being hacked by dark pattern influences. We don't talk enough about just how exausting this whole thing is or that our only choice for complete privacy is disowning the connected world at large, which, by my reckoning, nobody is willing to do. Every solution or initiative like the one in this article is either driven by untrustworthy actors, or starts off pure only to have the ulterior motives of some future controling stakeholder quietly injected into it.
It really seems like there is nothing we can do as a long-term effective solution to the privacy problem. And boy, do I sure hope I am so, so wrong.
The use of Edge as a distinct browser remains infuriating - it’s literally a chrome wrapper. This continuing use of Edge (or other chrome wrappers) as if they’re distinct browsers is such an obnoxious and odious form of ballot stuffing by chrome. Essentially chrome has 1+N votes where N is the number of chrome wrappers they get involved.
It would be like safari using gtkwevkit or WPE as separate browsers to support their positions.
Private Access Control Tokens (PACT) are designed to allow sites with strong knowledge of “personhood” to issue anonymous tokens. A user's browser can then provide these tokens to other sites to prove that a human is in the loop, reducing the need for annoying and clunky captchas or invasive tracking. PACT is designed so that sites cannot leverage it to track or identify users or their browsing history.
I'm a little spooked by that "strong knowledge of personhood" line.
It reminds me very much of the recent global push towards ID-ing users online and (without more details to properly know) it sounds like a means of locking off the net from genuine users who can't / don't want to use such a site that has a strong knowledge of their personhood.
I hope I'm just overthinking this.
Edit: Hm, upon further reading, I'd merge this with the Mozilla announcement's post and also plug this Mozilla Hacks writeup, that talks more about their proposed implementation.
I think my knee-jerk reaction may have been a bit overblown, but it still reads like a very complex multi-party system that needs to all mesh nicely together for this to be as effortless and privacy-preserving as they want.
Presumably a reason safari is not involved in the major browsers list.
(Recalling a common complaint from Google that safari/webkit’s complaints about privacy problems in new proposals are overblown - whether or not you agree with their position you can imagine something like this leading to such concerns from webkit)
Also given Google is responsible for one of the major scrapers I’m curious about whether this is either by-passable in some way, or Google simply believes it has scraped enough so now cutting off the ability to scrape is a competitively good choice). In principle you can imagine it is very easy for Google to use the built in AI “features” in chrome to effectively use real users for content scraping.
Safari is not involved because they're happy with Private Access Tokens, which rely on hardware attestation (like WEI would have). Mozilla and Chrome don't get to rely on gating their software to expensive hardware with a trusted bootloader.
Oh great. So token distributors get to arbitrate people’s personhood. That’s sure to go well for everybody.
Ah, and then cloudflare gets to charge to allow bot access. This is an incredible path for making money on micro payments.
I think this should be merged in to this other thread, which has more details and links a technical writeup.